fix(cors): ensure trailing comma treated as empty value to be ignored (#10616)

* fix(cors): ensure trailing comma treated as empty value to be ignored Signed-off-by: Ardika Bagus <me@ardikabs.com> * test(cors): add e2e test Signed-off-by: Ardika Bagus <me@ardikabs.com> --------- Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-08 01:02:48 +07:00 · 2023-11-08 01:02:48 +07:00 · da51393cac
commit da51393cac
parent 8b026f42d5
4 changed files with 81 additions and 0 deletions
--- a/internal/ingress/annotations/cors/main.go
+++ b/internal/ingress/annotations/cors/main.go
@ -201,6 +201,10 @@ func (c cors) Parse(ing *networking.Ingress) (interface{}, error) {
 		origins := strings.Split(unparsedOrigins, ",")
 		for _, origin := range origins {
 			origin = strings.TrimSpace(origin)
+			if origin == "" {
+				continue
+			}
+
 			if origin == "*" {
 				config.CorsAllowOrigin = []string{"*"}
 				break
--- a/internal/ingress/annotations/cors/main_test.go
+++ b/internal/ingress/annotations/cors/main_test.go
@ -17,6 +17,7 @@ limitations under the License.
 package cors

 import (
+	"reflect"
 	"testing"

 	api "k8s.io/api/core/v1"
@ -172,3 +173,33 @@ func TestIngressCorsConfigInvalid(t *testing.T) {
 		t.Errorf("expected %v but returned %v", defaultCorsMaxAge, nginxCors.CorsMaxAge)
 	}
 }
+
+func TestIngresCorsConfigAllowOriginWithTrailingComma(t *testing.T) {
+	ing := buildIngress()
+
+	data := map[string]string{}
+	data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = "true"
+
+	// Include a trailing comma and an empty value between the commas.
+	data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443,    ,https://origin321.test.com:4443,"
+	ing.SetAnnotations(data)
+
+	corst, err := NewParser(&resolver.Mock{}).Parse(ing)
+	if err != nil {
+		t.Errorf("error parsing annotations: %v", err)
+	}
+
+	nginxCors, ok := corst.(*Config)
+	if !ok {
+		t.Errorf("expected a Config type but returned %t", corst)
+	}
+
+	if !nginxCors.CorsEnabled {
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)], nginxCors.CorsEnabled)
+	}
+
+	expectedCorsAllowOrigins := []string{"https://origin123.test.com:4443", "https://origin321.test.com:4443"}
+	if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, expectedCorsAllowOrigins) {
+		t.Errorf("expected %v but returned %v", expectedCorsAllowOrigins, nginxCors.CorsAllowOrigin)
+	}
+}